Skip to content

Docker Image CI

Docker Image CI #1039

Workflow file for this run

---
name: Docker Image CI
on:
schedule:
- cron: '0 0 * * *'
push:
branches: [master]
pull_request:
branches: [master]
workflow_dispatch:
branches: [master]
env:
DOCKER_REPO_NAME: bateau
DOCKER_IMAGE_NAME: openttd
jobs:
# Get list of versions
get_versions:
runs-on: ubuntu-latest
steps:
- name: get versions
id: get_versions
# yamllint disable-line rule:line-length
run: |
versions=$(curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/OpenTTD/OpenTTD/releases | jq -cMr '[.[:10]|.[]|.tag_name]')
latest=$(curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/OpenTTD/OpenTTD/releases | jq -cMr '([.[]|select(all(.tag_name; contains("beta")|not))])|.[:1]|.[].tag_name')
echo "versions=${versions}" >> $GITHUB_OUTPUT
echo "latest=${latest}" >> $GITHUB_OUTPUT
- name: Output version string
run: |
echo ${{ steps.get_versions.outputs.versions }}
echo ${{ steps.get_versions.outputs.latest }}
outputs:
versions: ${{ steps.get_versions.outputs.versions }}
latest: ${{ steps.get_versions.outputs.latest }}
# Build openttd images
build:
runs-on: ubuntu-latest
needs: get_versions
strategy:
matrix:
version: ${{ fromJson(needs.get_versions.outputs.versions) }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Docker registry authentication
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
- name: Set up Qemu
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
- name: Output platforms
run: |
echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
- name: Build and push ${{ matrix.version }} with latest tag
if: needs.get_versions.outputs.latest == matrix.version
uses: docker/build-push-action@v4
with:
push: true
pull: true
build-args: OPENTTD_VERSION=${{ matrix.version }}
tags: |
${{ env.DOCKER_REPO_NAME }}/${{ env.DOCKER_IMAGE_NAME }}:latest
${{ env.DOCKER_REPO_NAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ matrix.version }}
- name: Build and push ${{ matrix.version }}
if: needs.get_versions.outputs.latest != matrix.version
uses: docker/build-push-action@v4
with:
push: true
pull: true
build-args: OPENTTD_VERSION=${{ matrix.version }}
tags: ${{ env.DOCKER_REPO_NAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ matrix.version }}
# Trivy test
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
id: trivy
with:
image-ref: '${{ env.DOCKER_REPO_NAME }}/${{ env.DOCKER_IMAGE_NAME }}:${{ matrix.version }}'
format: 'json'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
output: results.json
- name: test outputs
run: |
cat results.json